Checkpoint SSL VPN on Linux

These instructions have been tested on Ubuntu 17.10, but they should be easily adaptable to other flavours.

The checkpoint VPN software currently only works with firefox-esr, due to most browsers dropping support for the java plugin. After much experimentation, I eventually got it to work, here’s how :

  1. Add oracle java 8 & mozilla apt repositories
    # sudo apt-get-repository -y ppa:webupd8team/java
    # sudo add-apt-repository ppa:mozillateam/ppa
    # sudo apt-get update
  2. Install the required packages.
    # sudo apt-get install firefox-esr oracle-java8-installer libstdc++5:i386 libpam0g:i386 libx11-6:i386 xterm
  3. Install the java plugin for firefox
    # mkdir ~/.mozilla/plugins
    # ln -s /usr/lib/jvm/java-8-oracle/jre/lib/amd64/ ~/.mozilla/plugins/
  4. Java security settings need to be modified to enable the checkpoint java plugin to work correctly.
    # sudo vi /usr/lib/jvm/java-8-oracle/jre/lib/security/

    Change the below line –

    jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024


    jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
  5. Remove the standard version of firefox
    # sudo dpkg -r firefox
  6. The first time you run the plugin, firefox must be running as root, to install the neccessary plugins.
    # sudo firefox-esr

    If firefox complains about not being able to connect to X11, run “xhost +” first, and try again.

  7. Browse to your vpn login page, login, connect to vpn, accept all java confirmations and click yes when prompted to install the checkpoint plugin.
  8. Exit firefox, and run under your own account.